What is claimed is:

1. An authentication system, comprising: 

a filter to monitor sessions between a client and a server 
for proper authentication; 

a plug-in coupled to the client and the server, said plug-in 
to generate public and private key pairs, and to receive and 
store certificates; and 

an extension coupled to said filter, said extension to 
generate script commands to cause the client and the server to 
perform required operations indicated by said filter. 

2. The system of claim 1, wherein the certificates are 
used to certify the client to the server. 

3. The system of claim 1, wherein the certificates are 
used to certify the server to the client. 

4. The system of claim 1, wherein the certificates are 
used to certify the client and the server to each other. 



5. The system of claim 1, wherein the script commands are 
implemented in a hypertext markup language (HTML) program. 

6. A secure client/server system, comprising:

a client to request data or service;

a server to provide the requested data or service; and

an authentication system including:

a filter to monitor sessions between the client and the
server for proper authentication,

a plug-in coupled to the client and the server, said
plug-in to generate public and private key pairs, and to receive
and store certificates, and

an extension coupled to said filter, said extension to
generate script commands to cause the client and the server to
perform required steps indicated by said filter.

7. The system of claim 6, wherein the certificates are
used to certify the client to the server.

8. A method for providing a single sign-on authentication
and privacy, comprising:

submitting a request to access a node;

directing to submit a certificate;

verifying the submitted certificate with a trusted
certificate;

performing a challenge;

generating a response to the challenge; and

saving the response as a named cookie.

9. The method of claim 8, wherein said response is used as
a security token.

10. The method of claim 9, wherein said security token is 
used to propagate an initial authentication. 

11. The method of claim 8, further comprising: 

creating a connection session if the certificate is valid. 

12. The method of claim 8, wherein said verifying the 
submitted certificate includes matching a signature on the 
submitted certificate with a signature on the trusted 
certificate.

13. The method of claim 8, further comprising: 
generating a key; 

encrypting the key with a client's public key; 

sending an encrypted key to a client; and 

using the encrypted key to encrypt communication. 

14. A method for providing client privacy, comprising: 
generating a key; 

encrypting the key with a client's public key; 

sending an encrypted key to a client; and 

using the encrypted key to encrypt communication. 

15. The method of claim 14, wherein said sending the
encrypted key includes sending the key using a hypertext transfer 
protocol (HTTP) header. 

16. A method for providing a single sign-on authentication
and privacy, comprising:

submitting a request to access a node;

directing to submit a certificate;

verifying the submitted certificate with a trusted
certificate;

performing a challenge;

generating a response to the challenge;

saving the response as a named cookie with an authentication
token; and

using standard Secure Socket Layer (SSL) library to provide
communication privacy.

17. The method of claim 16, wherein said verifying includes
creating and registering new authentication session.

18. The method of claim 17, wherein said verifying includes
validating the new authentication session with the authentication
token.

19. The method of claim 16, wherein said verifying includes
indicating a failure status to a client if said verifying fails.

20. The method of claim 16, wherein said performing said
challenge includes generating a node challenge random number.

21. The method of claim 16, wherein said directing includes

receiving an address of the node; and

checking to determine if the address is protected.



22. The method of claim 16, further comprising:

determining if the authentication token is already present.

23. The method of claim 22, further comprising:

determining if a client is on an access control list if the
authentication is present and valid.

24. An apparatus comprising a computer-readable storage
medium having executable instructions that enable the computer
to:

submit a request to access a node;

direct to submit a certificate;

verify the submitted certificate with a trusted certificate;

perform a challenge;

generate a response to the challenge; and

save the response as a named cookie.

25. The apparatus of claim 24, wherein said response is
used as a security token.

26. An apparatus comprising a computer-readable storage
medium having executable instructions that enable the computer
to:

submit a request to access a node;

direct to submit a certificate;

verify the submitted certificate with a trusted certificate;

perform a challenge;

generate a response to the challenge;

save the response as a named cookie with an authentication
token; and

use standard Secure Socket Layer (SSL) library to provide
communication privacy.

27. The apparatus of claim 26, wherein said verify the
submitted certificate includes instructions to create and 
register new authentication session. 



